Author Topic: SSL/TLS Connection  (Read 7601 times)

0 Members and 1 Guest are viewing this topic.

Offline Samhill

  • Newbie
  • *
  • Posts: 12
SSL/TLS Connection
« on: June 25, 2012, 08:06:51 AM »
I looked at the sticky and since this seems to be a different problem, I made a different topic.

The warning just popped up randomly. So is this a hiccup with Avast!, or was someone trying to hack my system? I Googled the address and it's somewhere in Taiwan. Should I be concerned?

Offline Jan Gahura

  • Avast team
  • Full Member
  • *
  • Posts: 162
    • ALWIL Software
Re: SSL/TLS Connection
« Reply #1 on: June 25, 2012, 03:13:42 PM »
Hi,

The message says that there was an encrypted connection to a mail server which the mail shield can't inspect because of the encryption. What email service do you use? Which email client do you use?

There's certainly nothing to be worried about.

Regards,
Jan

Offline Samhill

  • Newbie
  • *
  • Posts: 12
Re: SSL/TLS Connection
« Reply #2 on: June 25, 2012, 05:38:06 PM »
I use Mail to connect to my ISP's server. I live in the US and for some reason the connection is in Taiwan. So is this a out going or incoming connection? Is this malware trying to phone out that Avast didn't detect?
« Last Edit: June 13, 2013, 07:15:54 PM by Samhill »

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: SSL/TLS Connection
« Reply #3 on: June 25, 2012, 07:09:28 PM »
So is this a out going or incoming connection?

outgoing

Is this malware trying to phone out that Avast didn't detect?

There is definitively some process, that is connecting to the address/port shown on the popup. You can find out more info (at least the originating process) using network diagnostic tools such as wireshark or netstat.

Offline Samhill

  • Newbie
  • *
  • Posts: 12
Re: SSL/TLS Connection
« Reply #4 on: June 26, 2012, 09:24:16 AM »
Thanks for the suggestion. I downloaded Wireshark. Unfortunately, I can't figure out how to use it.

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: SSL/TLS Connection
« Reply #5 on: June 26, 2012, 11:49:30 AM »
To get the process name/PID, run the folowing command as root:

Code: [Select]
lsof -i TCP
and look for pop3s (995). Note, that the process must be connected at the time you run the command.

Wireshark can be then used to log the communication to see what is send/received, but the communication will be probable encrypted.

Offline Pondus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 35969
Re: SSL/TLS Connection
« Reply #6 on: June 28, 2012, 09:10:29 AM »
I use Mail to connect to me ISP's server. I live in the US and for some reason the connection is in Taiwan. So is this a out going or incoming connection? Is this malware trying to phone out that Avast didn't detect?
NO.....avast is just telling you that your mail account is using SSL/TLS encrypted secure connection..   http://en.wikipedia.org/wiki/Transport_Layer_Security
like Gmail / Yahoo mail and many others


so for avast to scan your mail, you must sett your account to normal POP3 and let avast do the SSL connection


These tutorials are for the PC version.... so guessing it is done the same way on Mac ?

How to
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=842

how to video
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=917&nav=0,616,617


anyway, many mail providers have there own protection on there mail server so the mail is already scanned for virus/spam when you recive it



« Last Edit: June 28, 2012, 09:18:24 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Samhill

  • Newbie
  • *
  • Posts: 12
Re: SSL/TLS Connection
« Reply #7 on: July 06, 2012, 11:52:15 PM »
To get the process name/PID, run the folowing command as root:

Code: [Select]
lsof -i TCP
and look for pop3s (995). Note, that the process must be connected at the time you run the command.

Wireshark can be then used to log the communication to see what is send/received, but the communication will be probable encrypted.
It doesn't happen often, but it happened earlier today. This time it goes to Norway. I plugged in the command into Terminal (I hope that's what I was supposed to do, you weren't clear on that) and didn't see anything with port 993. I run it as root, because I don't know what that means.

Could it be picking up TOR? It happend three times so far. The first time was during a TOR session and so I ignored it. The second time (the first I reported here) was not. The third was.
NO.....avast is just telling you that your mail account is using SSL/TLS encrypted secure connection..   
In this case, no it doesn't.